Re: Security Alert #68 - patchsets required on client software also?

comments as ever
On Mon, 20 Sep 2004 16:10:39 -0400, Paul Drake <bdbafh_at_gmail.com> wrote:
> I'm really hoping that Oracle changes their position on this one ...
> but in case someone has already obtained more info on this issue
> already ...

I'd also like more info, but if the client is affected - and I was wondering how it wouldn't be for some of the vulnerabilities - then just patching the server/app server seems to only be doing half a job.

> What is your company's position on applying the patchsets covered by
> Oracle Security Alert #68 - to the Oracle Client Software already
> installed on desktops and application servers (not the Oracle Database
> server(s)).

we'd do the app servers as a matter of course - 3000 remote laptops is a somewhat different proposition. I haven't looked at doing that yet, in the past we have used SMS I'm not sure whether we'd go that way here.

> This is mentioned (in no detail) in the following doc:
>
> http://metalink.oracle.com/metalink/plsql/showdoc?db=Not&id=282108.1
>
> Item #21.
>
> 21. Is the Database Client install equally vulnerable?
>
> Yes, according to Development, all database clients on all
> versions have to be patched also. The same patch for the database
> server can be applied on the client installation also.
>
> thanks in advance for your opinions.

Sounds like the persdon writing the patch note doesn't know what the patch does....

-- 
Niall Litchfield
Oracle DBA
http://www.niall.litchfield.dial.pipex.com
--
http://www.freelists.org/webpage/oracle-l